Analysis
-
max time kernel
0s -
max time network
384s -
platform
ubuntu-22.04_amd64 -
resource
ubuntu2204-amd64-20240729-en -
resource tags
arch:amd64arch:i386image:ubuntu2204-amd64-20240729-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system -
submitted
19-09-2024 05:59
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://hripts/main/linux.shercontent.com/Lachine1/xmrig-scripts/main/linux.sh
Resource
ubuntu2204-amd64-20240729-en
Behavioral task
behavioral2
Sample
http://hripts/main/linux.shercontent.com/Lachine1/xmrig-scripts/main/linux.sh
Resource
debian12-armhf-20240221-en
General
-
Target
http://hripts/main/linux.shercontent.com/Lachine1/xmrig-scripts/main/linux.sh
Malware Config
Signatures
-
Enumerates kernel/hardware configuration 1 TTPs 2 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
description ioc Process File opened for reading /sys/module/apparmor/parameters/enabled dbus-daemon File opened for reading /sys/kernel/security/apparmor/features/dbus/mask dbus-daemon -
description ioc Process File opened for reading /proc/filesystems dbus-daemon File opened for reading /proc/filesystems sed File opened for reading /proc/self/maps grep File opened for reading /proc/self/maps grep File opened for reading /proc/1574/attr/apparmor/current dbus-daemon File opened for reading /proc/filesystems sed File opened for reading /proc/sys/kernel/cap_last_cap dbus-daemon File opened for reading /proc/1574/status dbus-daemon File opened for reading /proc/1569/cmdline dbus-daemon File opened for reading /proc/mounts dbus-daemon File opened for reading /proc/self/maps grep File opened for reading /proc/self/maps grep File opened for reading /proc/self/maps grep File opened for reading /proc/filesystems sed File opened for reading /proc/self/fd dbus-send File opened for reading /proc/self/maps grep File opened for reading /proc/filesystems sed File opened for reading /proc/filesystems sed File opened for reading /proc/self/maps grep File opened for reading /proc/self/maps grep File opened for reading /proc/self/maps grep File opened for reading /proc/self/maps grep File opened for reading /proc/self/fd dbus-send File opened for reading /proc/self/maps grep File opened for reading /proc/1590/cmdline dbus-daemon File opened for reading /proc/self/maps grep File opened for reading /proc/self/maps grep -
System Network Configuration Discovery 1 TTPs 2 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process 1568 xdg-open 1659 firefox
Processes
-
/usr/bin/xdg-openxdg-open http://hripts/main/linux.shercontent.com/Lachine1/xmrig-scripts/main/linux.sh1⤵
- System Network Configuration Discovery
PID:1568 -
/usr/bin/dbus-senddbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager2⤵
- Reads runtime system information
PID:1569 -
/usr/bin/dbus-launchdbus-launch --autolaunch f2de92a803c744e586bd87567a26b68a --binary-syntax --close-stderr3⤵PID:1570
-
/usr/bin/dbus-daemon/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session4⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1572
-
-
-
-
/usr/bin/grepgrep " = \\\"xfce4\\\"\$"2⤵
- Reads runtime system information
PID:1576
-
-
/usr/bin/xpropxprop -root _DT_SAVE_MODE2⤵PID:1575
-
-
/usr/bin/grepgrep -i "^xfce_desktop_window"2⤵
- Reads runtime system information
PID:1578
-
-
/usr/bin/xpropxprop -root2⤵PID:1577
-
-
/usr/bin/grepgrep -q "^Enlightenment"2⤵
- Reads runtime system information
PID:1580
-
-
/usr/bin/unameuname2⤵PID:1581
-
-
/usr/bin/grepgrep -q "^file://"2⤵
- Reads runtime system information
PID:1583
-
-
/usr/bin/egrepegrep -q "^[[:alpha:]+\\.\\-]+:"2⤵PID:1585
-
-
/usr/local/sbin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵PID:1585
-
-
/usr/local/bin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵PID:1585
-
-
/usr/sbin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵PID:1585
-
-
/usr/bin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
- Reads runtime system information
PID:1585
-
-
/usr/bin/sedsed -n "s/\\(^[[:alnum:]+\\.-]*\\):.*\$/\\1/p"2⤵
- Reads runtime system information
PID:1588
-
-
/usr/bin/xdg-mimexdg-mime query default x-scheme-handler/http2⤵PID:1589
-
/usr/bin/dbus-senddbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager3⤵
- Reads runtime system information
PID:1590 -
/usr/bin/dbus-launchdbus-launch --autolaunch f2de92a803c744e586bd87567a26b68a --binary-syntax --close-stderr4⤵PID:1591
-
-
-
/usr/bin/grepgrep " = \\\"xfce4\\\"\$"3⤵
- Reads runtime system information
PID:1593
-
-
/usr/bin/xpropxprop -root _DT_SAVE_MODE3⤵PID:1592
-
-
/usr/bin/grepgrep -i "^xfce_desktop_window"3⤵
- Reads runtime system information
PID:1595
-
-
/usr/bin/xpropxprop -root3⤵PID:1594
-
-
/usr/bin/grepgrep -q "^Enlightenment"3⤵
- Reads runtime system information
PID:1597
-
-
/usr/bin/unameuname3⤵PID:1598
-
-
/usr/bin/sedsed "s/:/ /g"3⤵
- Reads runtime system information
PID:1601
-
-
/usr/bin/cutcut -d ";" -f 13⤵PID:1606
-
-
/usr/bin/cutcut -d "=" -f 23⤵PID:1605
-
-
/usr/bin/headhead -n 13⤵PID:1604
-
-
/usr/bin/grepgrep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache3⤵
- Reads runtime system information
PID:1603
-
-
/usr/bin/cutcut -d ";" -f 13⤵PID:1611
-
-
/usr/bin/cutcut -d "=" -f 23⤵PID:1610
-
-
/usr/bin/headhead -n 13⤵PID:1609
-
-
/usr/bin/grepgrep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache3⤵
- Reads runtime system information
PID:1608
-
-
/usr/bin/cutcut -d ";" -f 13⤵PID:1616
-
-
/usr/bin/cutcut -d "=" -f 23⤵PID:1615
-
-
/usr/bin/headhead -n 13⤵PID:1614
-
-
/usr/bin/grepgrep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache3⤵
- Reads runtime system information
PID:1613
-
-
/usr/bin/cutcut -d ";" -f 13⤵PID:1621
-
-
/usr/bin/cutcut -d "=" -f 23⤵PID:1620
-
-
/usr/bin/headhead -n 13⤵PID:1619
-
-
/usr/bin/grepgrep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache3⤵
- Reads runtime system information
PID:1618
-
-
/usr/bin/cutcut -d ";" -f 13⤵PID:1626
-
-
/usr/bin/cutcut -d "=" -f 23⤵PID:1625
-
-
/usr/bin/headhead -n 13⤵PID:1624
-
-
/usr/bin/grepgrep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache3⤵
- Reads runtime system information
PID:1623
-
-
-
/usr/bin/sedsed "s/:/ /g"2⤵
- Reads runtime system information
PID:1629
-
-
/usr/bin/sedsed -e "s|-|/|"2⤵
- Reads runtime system information
PID:1632
-
-
/usr/bin/sedsed -e "s|-|/|"2⤵
- Reads runtime system information
PID:1635
-
-
/usr/bin/cutcut "-d=" -f 2-2⤵PID:1640
-
-
/usr/bin/whichwhich firefox2⤵PID:1641
-
-
/usr/bin/cutcut "-d=" -f 2-2⤵PID:1644
-
-
/usr/bin/cutcut "-d=" -f 2-2⤵PID:1647
-
-
/usr/bin/cutcut "-d=" -f 2-2⤵PID:1655
-
-
/usr/bin/cutcut "-d=" -f 2-2⤵PID:1658
-
-
/usr/bin/firefox/usr/bin/firefox http://hripts/main/linux.shercontent.com/Lachine1/xmrig-scripts/main/linux.sh2⤵
- System Network Configuration Discovery
PID:1659
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
465B
MD5cfb6b36bd9e55392c99441ea0798e5f4
SHA1d819e181c9d5d8d1e7f40564b6b19cef0202d735
SHA2565828ef3ca9e72cafdba9490b2f9d9f451ee3105efde4837cdec4bcd16228f39c
SHA512066fb1f1ffca4791e9b11c98f15b1282cc369c0338d99a1a856dbd0d0c273fdf9e571af0de5bc274e2df0c6f92e8d45badf50b8738d60df9b71671f3226da707